Security Directory

L

Landesförderinstitut Mecklenburg-Vorpommern

lfi-mv.de

64

The Landesförderinstitut Mecklenburg-Vorpommern (LFI M-V) operates as the central funding service provider for the state of Mecklenburg-Vorpommern, Germany. It offers a variety of public funding programs targeting businesses, founders, municipalities, private individuals, and organizations. The website reflects a government-oriented institution with a clear focus on facilitating access to funding and providing comprehensive information about available programs and related statistics. The site is well-branded, consistent, and includes EU co-financing indicators, enhancing trust and legitimacy. Technically, the website employs standard web technologies such as HTML5, CSS3, JavaScript, and jQuery-based components like Owl Carousel. The site is mobile-optimized, accessible, and SEO-friendly, though no specific CMS or hosting provider details are evident. Performance is moderate, with no critical technical issues detected. From a security perspective, HTTPS is used, and a cookie consent mechanism is implemented, indicating GDPR compliance. However, explicit security headers and incident response policies are not published, and no vulnerability disclosure mechanisms are present. The site does not expose sensitive data or use vulnerable libraries based on the provided content. Overall, the security posture is adequate but could be improved with additional policies and headers. The risk assessment is low given the nature of the site as a government funding portal with no adult or questionable content. Strategic recommendations include enhancing security headers, publishing security policies, and providing clear contact information for security incidents to improve trust and compliance further.

E

Ehrenamtsstiftung Mecklenburg-Vorpommern

ehrenamtskarte-mv.de

10

The Ehrenamtskarte MV website serves as an informational platform for the Ehrenamtskarte Mecklenburg-Vorpommern, a regional government and non-profit initiative recognizing volunteer engagement. It provides detailed information about the card, application processes, benefits, and partner organizations. The site targets volunteers and community members in Mecklenburg-Vorpommern, offering a well-structured and professionally designed user experience with good mobile optimization and accessibility. Technically, the site uses standard web technologies including HTML5, CSS3, JavaScript, and integrates Google Analytics for visitor tracking with user consent. Security posture is moderate with HTTPS usage implied but lacks explicit security headers and incident response contacts. Privacy compliance is well addressed with a clear cookie consent mechanism and a linked privacy policy. Overall, the site is trustworthy and professional, supporting its mission to promote volunteerism in the region.

V

Verfassungsschutz Mecklenburg-Vorpommern

verfassungsschutz-mv.de

62

The website www.verfassungsschutz-mv.de serves as the official online presence of the Verfassungsschutz (Office for the Protection of the Constitution) of Mecklenburg-Vorpommern, Germany. It provides comprehensive information about the agency's mission to protect the democratic constitutional order against extremist threats. The site targets citizens, political stakeholders, and interested parties by offering detailed content on various extremist fields, legal frameworks, reports, and public service announcements. The business model is that of a government agency focused on transparency and public awareness. Technically, the website is built on standard web technologies including HTML5, CSS, and JavaScript, likely managed via a custom or proprietary CMS. The site is moderately performant, mobile-optimized, and accessible, with clear navigation and structured content. No advanced frameworks or third-party analytics/tracking tools were detected, indicating a privacy-conscious approach. From a security perspective, the site uses HTTPS (assumed from domain and typical government standards), implements cookie consent mechanisms, and avoids exposing sensitive data. However, no explicit security headers or incident response policies are published, and forms use GET methods without sensitive data collection. No vulnerability disclosure or security.txt files are present, which could be improved. Overall, the website is trustworthy, professional, and compliant with GDPR requirements, providing valuable public service content. The domain and hosting align with regional government infrastructure, supporting legitimacy. Recommendations include enhancing security headers, publishing security policies, and adding incident response contacts to strengthen security posture and user trust.

S

Steuerportal Mecklenburg-Vorpommern

steuerportal-mv.de

10

Steuerportal Mecklenburg-Vorpommern is an official government portal dedicated to providing tax-related information and services for the Mecklenburg-Vorpommern region in Germany. It serves citizens, businesses, and tax professionals by offering access to local tax offices, tax law guidance, service brochures, appointment scheduling, and up-to-date tax news. The portal is positioned as an authoritative regional government resource with a clear focus on public service and compliance facilitation. Technically, the website employs standard web technologies such as HTML5, CSS, and JavaScript, with a likely custom content management system tailored for government use. The site demonstrates good mobile optimization, accessibility, and SEO practices, although no major modern frameworks or platforms are explicitly detected. Performance is moderate, and the site includes a cookie consent mechanism to comply with privacy regulations. From a security perspective, the portal uses HTTPS (implied by the domain and typical government standards), but explicit security headers and incident response policies are not visible. No vulnerabilities or exposed sensitive data were detected in the HTML content. The site lacks a published security.txt or vulnerability disclosure policy, which could enhance transparency and security posture. Overall, the website is trustworthy and professional, with high content relevance and clear navigation. The absence of direct contact emails or phone numbers on the homepage is typical for government portals that centralize contact through other channels. The WHOIS data is limited but consistent with regional government hosting, supporting legitimacy. No WAF or blocking mechanisms interfere with content access, enabling full analysis. Strategic recommendations include enhancing security headers, publishing incident response and vulnerability disclosure information, and providing clearer contact channels for security issues to strengthen trust and compliance.

K

Kulturportal Mecklenburg-Vorpommern

kultur-mv.de

52

Kulturportal Mecklenburg-Vorpommern is a regional cultural information portal focused on arts, culture, and cultural politics in the German state of Mecklenburg-Vorpommern. It provides comprehensive news, event calendars, exhibition details, and cultural education resources targeting residents, visitors, artists, and cultural institutions. The portal is government-supported and serves as a central hub for cultural engagement in the region. Technically, the website is built on TYPO3 CMS with modern JavaScript libraries and demonstrates good mobile optimization and accessibility. However, it lacks visible privacy and cookie policies, which is a compliance gap. Security posture is moderate with HTTPS enabled but missing security headers and incident response contacts. Overall, the site is professional, trustworthy, and content-rich but should improve privacy compliance and security best practices.

M

Ministerium für Wirtschaft, Infrastruktur, Tourismus und Arbeit Mecklenburg-Vorpommern

investorenportal-mv.de

10

The website www.investorenportal-mv.de serves as the official government portal for economic development and investor support in Mecklenburg-Vorpommern, Germany. It provides comprehensive information on investment opportunities, regional advantages, sector strengths, and support services including funding and workforce availability. The portal targets investors and businesses interested in establishing or expanding operations in the region, positioning itself as a trusted government resource. Technically, the site is built on the OpenCms content management system and employs standard web technologies such as HTML5, CSS, and JavaScript. It features a responsive design with good accessibility and SEO practices. The cookie consent mechanism is robust, offering granular user control and compliance with GDPR requirements. Analytics usage is minimal and privacy-conscious, relying on server log analysis and optional third-party video embed tracking. From a security perspective, the site uses HTTPS and implements cookie consent but lacks explicit security headers and a published security policy or incident response contacts. No vulnerabilities or suspicious domains were detected. The WHOIS data is limited but consistent with a legitimate government domain. Overall, the site demonstrates a solid security posture with room for improvement in formal security documentation and header implementation. The overall risk is low given the official nature and content safety of the site. Strategic recommendations include enhancing security headers, publishing a security policy, and maintaining privacy best practices to further strengthen trust and compliance.

G

GeoPortal.MV

geodaten-mv.de

64

GeoPortal.MV is the official geospatial data platform for the German state of Mecklenburg-Vorpommern, providing citizens, authorities, and businesses with access to a wide range of geodata services including thematic maps, geodata viewers, and geospatial web services. The portal is well-positioned as a government service platform with a clear focus on geoinformation infrastructure and public sector data dissemination. Technically, the website employs standard web technologies such as HTML5, CSS, JavaScript, and jQuery, with good mobile optimization and accessibility features. Security posture is solid with HTTPS enforced and secure form handling, though it lacks advanced security headers and a public security policy or incident response contacts. Privacy compliance is good, with clear privacy and cookie policies and GDPR adherence. Overall, the site is professional, trustworthy, and serves its public sector mission effectively.

N

NOTUS energy

notus.de

53

NOTUS energy is a well-established company specializing in wind and solar energy project development, financing, and management. The company operates internationally across 18 countries, offering a broad range of services from project conception to operation and asset management. Their website reflects a professional and comprehensive presentation of their business, targeting investors, project developers, municipalities, and other stakeholders in the renewable energy sector. The company positions itself as a strong partner in the transition to climate-friendly energy solutions. Technically, the website is built on Drupal CMS with modern web technologies including HTML5, CSS3, JavaScript, and mapping via Leaflet.js. The site is mobile-optimized, accessible, and SEO-friendly, with a moderate performance profile. Google Analytics is used with IP anonymization, and cookie consent mechanisms comply with GDPR requirements. From a security perspective, the site uses HTTPS and implements privacy-conscious analytics configurations. However, explicit security headers and incident response policies are not evident. No vulnerabilities or exposed sensitive data were detected in the content. The WHOIS data is consistent with the business claims, showing no privacy protection or suspicious registration patterns. Overall, the website demonstrates a high level of professionalism, compliance, and technical maturity, with room for improvement in explicit security policy disclosures and security header implementations.

M

MASLATON Rechtsanwaltsgesellschaft mbH

maslaton.de

42

MASLATON Rechtsanwaltsgesellschaft mbH is a German law firm specializing in renewable energy law, air traffic law, and other civil and public law areas. With headquarters in Leipzig and branches in Munich and Cologne, the firm serves businesses, municipalities, and aviation clients. It holds a strong market position as a top-ranked law firm in energy law, offering comprehensive legal services including wind energy, biomasse, photovoltaic, and electromobility. The website reflects a professional and trustworthy brand with clear contact channels and client testimonials. Technically, the website uses modern web technologies including Matomo analytics configured for privacy, SVG icons, and responsive design. Hosting is via kasserver.com, and the site is served over HTTPS with good SSL configuration. However, no explicit cookie consent mechanism or advanced security headers were detected, indicating room for improvement in privacy compliance and security hardening. Security posture is solid with no visible vulnerabilities or exposed sensitive data, but the absence of a security policy or incident response contacts suggests limited transparency in security governance. The firm demonstrates GDPR compliance through a comprehensive privacy policy and cookie-less tracking setup. Overall, the website and domain registration data align well, indicating a legitimate and credible business presence. Strategic recommendations include implementing cookie consent, enhancing security headers, and publishing security and incident response policies to further strengthen trust and compliance.

L

LIFE e.V.

life-online.de

53

LIFE e.V. is a German non-profit organization based in Berlin, specializing in education, environmental issues, and equal opportunities. The website offers workshops, further education, and consulting services focused on anti-discrimination, equality, environmental and climate protection, and transformative education. The organization targets individuals and groups interested in these social and environmental topics within the Berlin region. Technically, the website is built on WordPress using the Divi theme, enhanced with plugins such as Real Cookie Banner Pro for GDPR compliance and Matomo for privacy-respecting analytics. Cloudflare services are used for security and performance optimization, including bot protection via Turnstile. The site demonstrates good privacy compliance with comprehensive cookie and privacy policies and uses HTTPS with appropriate security headers. However, there is no explicit security policy or incident response page published, and no vulnerability disclosure mechanism is present. Overall, the website is professionally designed, accessible, and trustworthy, reflecting a mature digital presence for a small non-profit entity.

I

ITAD e.V.

itad.de

45

ITAD e.V. is a well-established German industry association representing thermal waste treatment plants, holding a leading market position with over 90 member plants covering more than 95% of national treatment capacity. The organization focuses on promoting sustainable waste management, climate protection, and circular economy principles. Their website reflects a professional and consistent brand image, targeting industry stakeholders, members, and the press. Technically, the site is built on the Plone CMS platform, leveraging modern JavaScript libraries such as Swiper.js and Leaflet.js, and uses Matomo for privacy-conscious analytics. Hosting is provided by Hostsharing eG, a reputable provider. Security posture is good with HTTPS enforced and no visible vulnerabilities, though security headers could be improved. Privacy compliance is supported by a comprehensive privacy policy, but lacks a cookie consent mechanism. Overall, the website is trustworthy, well-maintained, and aligned with the organization's business goals.

I

ifeu gGmbH: Institut für Energie- und Umweltforschung Heidelberg gGmbH

ifeu.de

48

ifeu gGmbH is a well-established German non-profit research institute specializing in energy and environmental sustainability research and consulting. With over 45 years of experience and more than 120 employees across multiple locations, it serves a broad audience including national and international funding agencies, policymakers, and environmental stakeholders. The organization offers a range of services including environmental research, sustainability consulting, and development of analytical tools and models. The website reflects a professional and comprehensive digital presence with clear navigation and rich content focused on their research themes and projects. Technically, the site is built on TYPO3 CMS with modern JavaScript libraries and uses Matomo analytics configured for privacy compliance. Security posture is good with HTTPS and privacy-respecting analytics, though there is room for improvement in security headers and incident response disclosures. Overall, the website is trustworthy, well-branded, and serves as a credible platform for the institute's activities.

W

Wölfel-Gruppe

woelfel.de

54

Wölfel-Gruppe is a well-established German engineering company specializing in services and products related to vibrations, acoustics, structural mechanics, and environmental protection. With over five decades of experience since its founding in 1971, the company serves diverse industrial sectors including energy, manufacturing, and transportation. Their offerings include consulting, expert reports, and tailored measurement and monitoring systems. The website reflects a mature digital presence built on TYPO3 CMS, featuring comprehensive content, clear navigation, and multilingual support. Technically, the site employs modern frameworks and integrates Google Tag Manager for analytics, indicating a moderate to advanced digital maturity. Security posture is good with HTTPS enforced, though some recommended security headers are not explicitly detected. Privacy compliance is strong with clear policies and consent mechanisms in place. Overall, the domain registration data aligns well with the business claims, supporting legitimacy and trustworthiness.

B

Berliner Wasserbetriebe

bwb.de

69

Berliner Wasserbetriebe is the primary water supplier and wastewater disposal service provider in Berlin, Germany. The company offers comprehensive water-related services including water quality information, installation of drinking water connections, and wastewater management. The website targets residents and businesses in Berlin, positioning itself as a trusted utility provider with a strong focus on environmental and social responsibility. The digital presence is supported by a professional and accessible website with good SEO and mobile optimization. Technically, the site uses modern web technologies such as jQuery, Cookiebot for consent management, and integrates third-party media and analytics services responsibly. Security posture is strong with HTTPS enforcement and appropriate security headers, although explicit security policies and incident response contacts are not published. Privacy compliance is well addressed through Cookiebot and a comprehensive privacy policy. Overall, the domain registration data aligns with the business identity, indicating a legitimate and trustworthy operation.

S

South Pole

southpole.com

74

South Pole is a globally recognized company specializing in climate solutions aimed at helping businesses achieve net zero emissions. Their services include climate consulting, environmental certificates, project finance, and a marketplace for carbon credits. The company positions itself as a leader in the energy and sustainability sector, targeting organizations seeking to reduce their carbon footprint and comply with environmental regulations. The website is professionally designed, well-structured, and optimized for mobile devices, reflecting a mature digital presence. Technically, the site employs modern web technologies including Google Tag Manager, Google Analytics, Hotjar, and OneTrust for cookie consent, indicating a robust analytics and compliance infrastructure. Security posture is generally strong with HTTPS enforced and asynchronous loading of scripts, though explicit security headers and a published security policy are absent. The WHOIS data is notably missing or unavailable, which slightly reduces trust but is offset by the professional branding and presence of verified social media channels. Overall, the site is safe, business-focused, and compliant with privacy regulations, making it a credible resource in the climate solutions market.

B

Berliner Regenwasseragentur

regenwasseragentur.berlin

67

The Berliner Regenwasseragentur is a government-affiliated initiative focused on decentralized rainwater management in Berlin. It serves as a service point providing information, consultation, and educational events to citizens and businesses interested in sustainable water use. The website positions itself as a niche environmental service with strong ties to local government entities, including the Senatsverwaltung für Umwelt, Verkehr und Klimaschutz and Berliner Wasserbetriebe. The business model is primarily informational and supportive, targeting environmental sustainability and urban water management. Technically, the website is built on WordPress, leveraging Yoast SEO Premium for search optimization and Cookiebot for GDPR-compliant cookie consent management. Hosting is provided via Versatel, with a moderate performance profile and good mobile optimization. The site uses structured data (JSON-LD) to enhance SEO and provide clear organizational information. Analytics are conducted via Etracker, with moderate user tracking and transparent cookie policies. From a security perspective, the site enforces HTTPS and employs cookie consent mechanisms, but lacks explicit security headers and published security policies or incident response contacts. No vulnerabilities or suspicious content were detected. Privacy compliance is strong, with detailed cookie information and opt-in consent. However, the absence of terms of service and security policies indicates room for improvement. Overall, the site is trustworthy, professional, and well-aligned with its public service mission. Strategic recommendations include enabling DNSSEC, publishing security and incident response policies, and adding a vulnerability disclosure mechanism to enhance transparency and security posture.

G

Green Planet Energy eG

green-planet-energy.de

63

Green Planet Energy eG operates as a cooperative energy provider in Germany, focusing on sustainable and green energy products including green electricity, gas, and related services such as autostrom and photovoltaic solutions. The website is professionally built using TYPO3 CMS and incorporates modern web technologies including Usercentrics for GDPR-compliant cookie consent management. The company positions itself as a contributor to the energy transition with a clear focus on environmentally friendly energy solutions. Technically, the website demonstrates good SEO practices and mobile optimization, though some performance and accessibility aspects could be improved. Security posture is moderate; while HTTPS is assumed, no explicit security headers or incident response information are present, and no privacy policy or terms of service were found in the provided content. Overall, the site is trustworthy and professional but would benefit from enhanced transparency and security documentation.

D

Deutsche Energie-Agentur GmbH (dena)

dena.de

66

Deutsche Energie-Agentur GmbH (dena) is a prominent German energy agency focused on promoting efficient, intelligent, and sustainable energy production and usage. It collaborates with public and private sector partners to advance the energy transition and climate protection efforts in Germany. The website reflects a professional and comprehensive digital presence, leveraging TYPO3 CMS and modern web technologies. It provides detailed information about its mission, projects, and services, targeting stakeholders in the energy sector and government entities. The site supports multiple languages, enhancing accessibility for international audiences. Technically, the website employs a mature infrastructure with strong privacy and consent management mechanisms, including Cookiebot for cookie consent and Matomo and Hotjar for analytics, ensuring GDPR compliance. The site is well-optimized for mobile devices and accessibility, with a clear navigation structure and professional design. Hosting is managed via secure providers, and HTTPS is enforced with appropriate security headers. From a security perspective, the site demonstrates good practices such as secure cookie handling, consent management, and absence of exposed sensitive data. However, explicit security policies, incident response contacts, and vulnerability disclosure mechanisms are not publicly available, representing areas for improvement. Overall, the domain registration and hosting details align with the organization's legitimacy, supporting a high trust level. The overall risk assessment is low, with no indications of malicious content or security vulnerabilities. Strategic recommendations include publishing formal security and incident response policies, adding vulnerability disclosure information, and providing direct security contact channels to enhance transparency and trust.

D

Deutsche Gesellschaft für Internationale Zusammenarbeit (GIZ) GmbH

collaborative-climate-action.org

47

The Partnership for Collaborative Climate Action website serves as a knowledge-sharing platform focused on fostering cooperation between national and subnational governments to address climate change effectively. It highlights the CHAMP initiative, providing resources, news, and events to support multilevel climate governance. The site is operated by Deutsche Gesellschaft für Internationale Zusammenarbeit (GIZ) GmbH, a reputable German development agency, positioning itself as a trusted source in the climate action domain. Technically, the website is built on WordPress with the Enfold theme and uses modern tools such as Smart Slider 3 and Matomo analytics. The infrastructure is stable, with HTTPS enabled and a moderate performance profile. Mobile optimization and SEO practices are good, though accessibility features are basic. The domain registration is consistent and appropriate, with no privacy protection, indicating transparency. From a security perspective, the site benefits from HTTPS and domain transfer protection but lacks DNSSEC and explicit security headers. No security or incident response policies are published, and there is no cookie consent mechanism, which may impact GDPR compliance. The use of Matomo analytics suggests some privacy awareness, but overall privacy compliance is basic. Overall, the website is professional, trustworthy, and relevant to its target audience of government and climate stakeholders. However, improvements in security headers, privacy compliance, and explicit security policies would enhance its security posture and regulatory adherence.

C

Chiesi GmbH

chiesi.de

67

Chiesi GmbH is a well-established pharmaceutical company operating in Germany as part of the international Chiesi Group. The company focuses on developing and distributing pharmaceutical products in key therapeutic areas such as respiratory diseases, neonatology, rare diseases, and transplantation. The website targets healthcare professionals, patients, partners, and job seekers, providing comprehensive information about products, corporate responsibility, and career opportunities. The company holds a B Corp certification, indicating a commitment to sustainability and ethical business practices. Technically, the website employs a modern technology stack including jQuery, Google Tag Manager, and OneTrust for cookie consent, ensuring compliance with GDPR and providing a good user experience. The site is mobile optimized, has clear navigation, and integrates tracking and analytics responsibly. Security measures include HTTPS enforcement and standard security headers, with no visible vulnerabilities or exposed sensitive data. The security posture is strong, though the site could benefit from publishing explicit security policies and a vulnerability disclosure framework. Contact information is clearly provided, including phone numbers, physical address, and social media channels, enhancing business credibility. No WAF or blocking mechanisms interfere with content accessibility, and the WHOIS data confirms domain legitimacy and consistency with the business profile. Overall, Chiesi GmbH's website reflects a professional, secure, and compliant digital presence aligned with its business objectives and regulatory requirements.

B

BWE-Service GmbH

bwe-seminare.de

46

BWE-Service GmbH operates as a subsidiary of the Bundesverband WindEnergie e.V., focusing on providing educational seminars, conferences, and networking events to support the renewable energy sector, particularly wind energy, in Germany. The website serves as a portal for these offerings and directs users to the partner platform ee-hub.de for a broader range of events. The company positions itself as a key facilitator in the energy transition by enabling knowledge sharing and industry collaboration. Technically, the website is built on Drupal 7 with standard web technologies and integrates Google Analytics and Google Tag Manager for tracking, alongside a cookie consent mechanism compliant with GDPR. Security posture is adequate with HTTPS enforced, though some security headers are missing. Contact information is clearly presented, enhancing business credibility. Overall, the site is professional, well-structured, and trustworthy.

B

BNW Bundesverband Nachhaltige Wirtschaft e.V.

bnw-bundesverband.de

61

BNW Bundesverband Nachhaltige Wirtschaft e.V. is a well-established German non-profit association founded in 1992, focused on promoting sustainable and socially responsible economic practices. It serves as a network and political voice for progressive companies committed to ecological and social transformation. The website is professionally designed using Drupal 10, optimized for mobile, and includes rich content such as member testimonials, news, and event information. The technical infrastructure is modern and hosted by Hetzner, with good performance and accessibility standards. Security posture is strong with HTTPS and cookie consent mechanisms, though some security headers and explicit incident response policies are not visible. The domain registration is consistent with the organization's history and location, indicating legitimacy and trustworthiness.

W

WTSH Wirtschaftsförderung und Technologietransfer Schleswig-Holstein GmbH

wtsh.de

52

WTSH Wirtschaftsförderung und Technologietransfer Schleswig-Holstein GmbH is a regional governmental agency focused on economic development and technology transfer in Schleswig-Holstein, Germany. The organization provides a broad range of services including innovation consulting, funding programs, foreign trade support, startup promotion, and engagement with future-oriented topics such as digitalization, artificial intelligence, climate-neutral economy, electromobility, and hydrogen economy. Their market position is strong as a key regional economic development entity, targeting businesses, startups, and investors in the region. Technically, the website is built on the gradwerk CMS 6 platform and uses modern web technologies including jQuery, Vimeo and YouTube embeds, and various JavaScript libraries for UI components. The site is mobile optimized, accessible, and SEO friendly with comprehensive metadata and Open Graph tags. Cookie consent and privacy compliance mechanisms are well implemented. From a security perspective, the site enforces HTTPS and uses OIDC for authentication. Cookie management is detailed and transparent. However, explicit security headers like X-Frame-Options and X-Content-Type-Options are not visibly configured in the HTML source and no published security policy or incident response contacts are found. No vulnerabilities or exposed sensitive data were detected. Overall, the website presents a professional, trustworthy, and well-maintained digital presence for a governmental economic development agency. Strategic recommendations include enhancing security header implementation, publishing a security policy and incident response contacts, and adding a vulnerability disclosure mechanism to further improve trust and security posture.

Bored Ape Yacht Club (BAYC) is a leading NFT membership club operated by Yuga Labs, offering exclusive digital collectibles and community perks. The website serves as the official portal for BAYC and MAYC collections, providing member login and information about unique intellectual property rights. The business is positioned as a major player in the NFT and blockchain technology space, targeting digital art collectors and crypto enthusiasts. Technically, the site is built on modern frameworks such as Next.js and React, hosted with Cloudflare DNS, and integrates analytics tools like Google Tag Manager and Plausible Analytics. The site demonstrates excellent design quality, mobile optimization, and user experience. Security posture is strong with HTTPS and domain registration protections, though DNSSEC is not enabled and security headers are not explicitly detected. Privacy compliance is weak due to the absence of visible privacy and cookie policies. Overall, the site is trustworthy and professional but could improve transparency and compliance documentation.

F

Faraway

faraway.com

61

Faraway is a game studio specializing in the development and publishing of open economy games with blockchain and crypto integration. Their portfolio includes titles such as Dookey Dash: Unclogged, Serum City, Legends of the Mara, and Mini Royale: Nations. The company targets gamers interested in Web3 and blockchain gaming, positioning itself in a niche market focused on innovative game economies. The domain registration dating back to 2003 supports a long-standing presence in the industry, although the website content is currently inaccessible due to a client-side application error. Technically, the website employs modern technologies including Next.js and React, hosted behind Cloudflare with tracking integrations such as Google Tag Manager and Cloudflare Insights. However, the site lacks visible security headers and DNSSEC is not enabled, indicating room for improvement in security hardening. The website's performance and mobile optimization are moderate to basic, with limited accessibility and SEO optimization. From a security perspective, the absence of privacy and cookie policies, lack of contact information, and the presence of a client-side error reduce the site's trustworthiness and compliance posture. The domain registration is consistent and legitimate, but the website itself requires remediation to restore full functionality and improve user trust. Overall, the website scores low to moderate on content quality, technical implementation, security posture, and privacy compliance, resulting in an overall AI score of 48. Strategic improvements in error resolution, policy publication, security headers, and contact transparency are recommended to enhance the site's credibility and security.

Y

Yuga Labs

otherside.xyz

47

Otherside.xyz is a web3-enabled metaverse platform developed by Yuga Labs, blending MMORPG mechanics with blockchain technology and NFT integration. The platform targets NFT holders and gamers interested in immersive, interoperable virtual worlds where players own land and characters. The business model leverages ApeCoin as the in-game currency and offers an SDK for creators to build and monetize content. Technically, the site uses modern web frameworks like Next.js and React, with Cloudflare DNS and wallet integrations for user authentication. However, the current website displays a client-side application error, limiting user experience and content accessibility. Security posture is generally good with HTTPS and domain locking, but lacks DNSSEC and security.txt disclosures. Privacy and cookie policies are absent, impacting compliance. Overall, the site is moderately professional but requires fixes to improve user trust and compliance.

The website https://www.snagged.market/loyalty currently serves a 404 error page indicating the requested content is not found. The site uses modern web technologies such as React and Next.js, and integrates third-party services like Stripe and Google Analytics. However, the lack of accessible content, absence of privacy, cookie, and terms policies, and missing contact information significantly limit the ability to assess the business or security posture. The WHOIS data is malformed and does not provide any registrar or registrant details, further reducing trust and transparency. Overall, the site appears incomplete or under development, with minimal digital maturity and poor user experience.

U

Uprent

uprent.hr

56

Uprent is a Croatian company specializing in the rental, sale, servicing, and transport of machinery and work platforms, primarily targeting the construction and industrial sectors. The company has established partnerships with multiple well-known machinery brands and offers additional services such as training and a Click2Rent platform. Their website is professionally designed, mobile-optimized, and provides clear contact information, including a prominently displayed phone number and social media links. The presence of a downloadable catalog and a mobile app enhances their customer engagement and service accessibility. Technically, the website is built on a modern Nuxt.js framework with Tailwind CSS, hosted on Hetzner servers, ensuring a reliable and performant infrastructure. Security-wise, the site uses HTTPS and shows no signs of vulnerabilities or exposed sensitive data, but lacks explicit security headers and published security policies. Privacy compliance is partial, with a cookie consent mechanism present but no visible privacy policy or terms of service. Overall, the website reflects a medium-sized, legitimate business with a good market position in Croatia, but could improve in compliance and security transparency.

G

glagolITico d.o.o.

glagolitico.hr

43

glagolITico d.o.o. is a Croatian IT consulting company specializing in CRM and contact center solutions, with a strong focus on SAP Sales and Service Cloud implementations and Sinch Contact Pro products. The company targets large and complex organizations across multiple industries including telecommunications, energy, manufacturing, and finance. Their market position is reinforced by their SAP PartnerEdge membership and multiple certifications from recognized vendors such as Oracle and TMforum. The website presents a professional image with clear business information and a detailed project portfolio. Technically, the website uses standard web technologies including HTML5, CSS3, JavaScript, and jQuery, with some integration of Google APIs. Hosting is managed through CARNET, a Croatian academic and research network, which aligns with the company's location. The site shows basic mobile optimization and moderate performance but lacks advanced SEO and accessibility features. From a security perspective, the site does not display visible security headers or privacy and cookie policies, indicating gaps in GDPR compliance and security best practices. No forms or data collection mechanisms are present, reducing immediate risk exposure. WHOIS data is consistent with the business claims, supporting legitimacy. Overall, the security posture is moderate but could be improved by implementing HTTPS, security headers, and privacy documentation. The overall risk is moderate with no critical vulnerabilities detected. Strategic improvements in privacy compliance and security hardening would enhance trust and regulatory adherence.

P

Premium Distribucija

premium-distribucija.hr

40

Premium Distribucija is a Croatian-based company specializing in the wholesale distribution of beverages for the hospitality industry, particularly targeting the HoReCa sector. The company positions itself as a premium distributor leveraging expert knowledge and experience to support successful hospitality operations. The website is professionally built on WordPress using Elementor and optimized with NitroPack and Google Site Kit, indicating a moderate level of digital maturity and performance optimization. Security posture is adequate with HTTPS enabled, but lacks advanced security headers and published security policies. Privacy compliance is weak due to absence of privacy and cookie policies. Overall, the site is functional and professional but could improve transparency and security documentation to enhance trust and compliance.

Kufner Grupa d.d. is a Croatian holding company specializing in the exploitation of mineral raw materials and production of stone materials. Established in 2008, it manages five subsidiary companies with strategically located quarries and a workforce of approximately 170 employees. The company positions itself as a leading regional producer with a focus on sustainable growth and modern technologies. The website is professionally designed, primarily in Croatian, targeting regional industrial and construction sectors. Technically, the site uses modern web fonts and JavaScript libraries but lacks advanced frameworks or CMS indications. Security posture is moderate with HTTPS implied but missing explicit security headers and incident response information. Privacy and cookie policies exist but lack active consent mechanisms. WHOIS data is unavailable, which reduces domain trustworthiness, though the website content and contact details appear legitimate. Overall, the site is safe, business-focused, and well-structured, with room for security and compliance improvements.

P

Poljoprivredno gospodarstvo Šember

sember.hr

45

Poljoprivredno gospodarstvo Šember is a small, family-owned winery located in Jastrebarsko, Croatia, specializing in producing award-winning wines such as rajnski rizling, chardonnay, and crni pinot. The business leverages its regional heritage and vineyard location on the Plešivica hills to attract wine enthusiasts and visitors for tasting and tours. The website reflects a well-established presence with consistent branding and clear communication of its offerings. Technically, the site uses common web technologies including Bootstrap, jQuery, Google Analytics, and Google Maps API, providing a moderate performance and good mobile optimization. Security posture is adequate with HTTPS and reCAPTCHA integration, but lacks advanced security headers and explicit security policies. Privacy compliance is basic with cookie consent and terms of service present but no dedicated comprehensive privacy policy. Overall, the site is trustworthy and professional, suitable for its target mature audience interested in wine products and experiences.

G

GAZ Nutrition

gaz-nutrition.com

51

GAZ Nutrition operates a professional e-commerce website specializing in premium dietary supplements targeted at athletes, sports enthusiasts, and recreational users primarily in Croatia. The website offers a broad range of products, including proteins, amino acids, vitamins, and other sports nutrition items, supported by detailed sports guides and brand information. The business is positioned as a premium provider with a clear focus on quality and customer engagement through features like wishlists and customer accounts. Technically, the website is built on a modern WordPress and WooCommerce stack, utilizing popular plugins for enhanced user experience and marketing. The site is well-structured with good SEO practices and mobile optimization. Security posture is adequate with HTTPS enabled and domain transfer protection, though improvements such as DNSSEC and security headers are recommended. Privacy compliance is partial, with cookie consent implemented but lacking explicit privacy and terms of service pages. Overall, the website is trustworthy and professional, with room for enhanced compliance and security policies.

C

Copy Electronic

copy-electronic.hr

50

Copy Electronic is a well-established Croatian company specializing in the sale, rental, and servicing of IT equipment, including printers, scanners, projectors, and related office technology. With a domain registered since 1997 and a clear focus on business customers, the company positions itself as a reliable provider of comprehensive office IT solutions. Their online presence includes a webshop with a broad product catalog and customer service features such as live chat and clear contact details. Technically, the website employs modern analytics tools like Google Analytics and Microsoft Clarity, and uses Google Tag Manager for marketing and tracking purposes. The site is hosted under a Croatian registrar (CARNET), uses HTTPS, and shows good compliance with GDPR and cookie regulations. However, explicit security policies and incident response contacts are not found, which could be improved to enhance trust and security posture. Overall, the website is professional, user-friendly, and trustworthy, serving a medium-sized business audience in Croatia.

P

Poliklinika i dnevna bolnica IMED

imed.hr

59

Poliklinika i dnevna bolnica IMED is a specialized healthcare provider based in Croatia, focusing on complex dental cases and combining dental medicine, implantology, orthodontics, aesthetic surgery, and ENT services. The website reflects a professional and modern digital presence, leveraging Nuxt.js and Tailwind CSS frameworks, with integrated analytics and cookie consent mechanisms. The site is well-structured, mobile-optimized, and provides essential contact information, although explicit privacy and terms of service policies are missing. Security posture is good with HTTPS and security headers in place, but lacks published incident response or vulnerability disclosure policies. Overall, the business appears legitimate and trustworthy with a solid technical foundation but could improve compliance documentation and transparency.

H

Početna - HEDONE

hedone.hr

43

The website 'hedone.hr' appears to be a Croatian business site titled 'Početna - HEDONE'. It is built on a WordPress platform using WooCommerce for e-commerce capabilities and Elementor for page building. The site uses Google Fonts and Font Awesome for styling and icons, and Google Tag Manager for analytics tracking. However, the site lacks visible privacy, cookie, and terms of service policies, which are critical for compliance and user trust. No contact information or security policies are evident, which may impact user confidence and regulatory compliance. The technical infrastructure is modern but lacks visible security headers and explicit security best practices. Overall, the site is functional and moderately optimized for SEO and mobile use but requires improvements in privacy, security, and transparency to enhance trust and compliance.

T

Telensa Tech

telensatech.com

63

Telensa Tech is a small technology company specializing in Telco ICT and cybersecurity services, offering tailored solutions such as cloud services, system integration, telco, colocation, and comprehensive IT support. The website is professionally designed on the Squarespace platform, with clear navigation and a focus on business clients seeking digital infrastructure and security solutions. Technically, the site uses modern web technologies, has good SSL configuration with HTTPS and HSTS, and integrates Google Tag Manager for analytics. However, the absence of privacy and cookie policies and lack of WHOIS registration data present compliance and legitimacy concerns. Security posture is strong in SSL but could be improved with additional security headers and incident response information. Overall, the site is functional and professional but requires enhancements in privacy compliance and domain registration transparency.

G

Gist

giftcardpro.app

73

Gist operates Gift Card Pro, a Shopify app designed to enhance gift card sales and delivery for Shopify store owners. The app offers features such as digital and physical gift card sales, automated delivery via email and SMS, customizable designs, bulk sending, and balance reminders. Positioned as a niche e-commerce tool, it targets Shopify merchants seeking to improve customer gifting experiences. Technically, the app leverages modern web technologies including React, Stimulus, Tailwind CSS, and is hosted on Shopify's CDN infrastructure, ensuring good performance and mobile optimization. Security posture is strong with HTTPS, CSRF protections, and no visible vulnerabilities, though explicit privacy and cookie policies are absent on the app detail page. Overall, the app demonstrates a mature digital presence with high user ratings and trust signals, but could improve privacy compliance and contact transparency.

P

Purple Dot

purpledotprice.com

66

Purple Dot operates as a premium pre-order platform designed to empower modern e-commerce brands to optimize sales and inventory management through flexible, AI-driven pre-order solutions. The company positions itself strongly in the e-commerce technology sector, serving a diverse audience including executives, warehouse operations, merchandising, customer experience, and technical teams. Their platform integrates seamlessly with existing tech stacks, offering a smooth pre-order experience backed by FTC-compliant guarantees and trusted by over 100 global brands. Technically, the website is built on Webflow CMS with modern analytics and tracking tools, delivering fast performance and excellent mobile optimization. Security posture is solid with HTTPS and no visible vulnerabilities, though the absence of explicit security policies and incident response information suggests room for improvement. The missing WHOIS data raises some concerns about domain registration legitimacy, but the professional and comprehensive website content supports the business's credibility. Overall, Purple Dot presents a mature digital presence with strong business and technical foundations, though enhancing privacy compliance and security transparency would further strengthen trust.

I

Iskon

iskon.hr

54

Iskon.hr is the official website of Iskon, a Croatian telecommunications provider offering fixed internet, television (Iskon.Play TV), and other telecom services for residential and business customers. The website presents a professional and modern design built with React and Next.js frameworks, utilizing Ant Design components. The content is relevant and targeted primarily at Croatian consumers and businesses seeking telecom solutions. However, the site lacks explicit privacy and cookie policies, which are critical for GDPR compliance and user trust. Security posture is moderate with HTTPS likely enabled but missing key security headers and no visible incident response or vulnerability disclosure information. Overall, the website is functional and credible but would benefit from enhanced privacy compliance and security transparency.

A

Agrokor

agrokor.hr

63

Agrokor Nagodba website serves as an official communication platform for the Agrokor group’s extraordinary administration and financial restructuring process. It provides detailed information about settlement plans, legal proceedings, and updates for creditors and investors. The site targets stakeholders involved in or affected by Agrokor's complex debt restructuring. Technically, the website is built on WordPress with modern JavaScript libraries and plugins, ensuring a responsive and user-friendly experience. Security measures include HTTPS enforcement and Google reCAPTCHA integration, although some security headers could be enhanced. Privacy compliance is strong, with GDPR-aligned cookie consent mechanisms and clear privacy and terms of service pages. Overall, the site is professional, trustworthy, and well-maintained, reflecting the serious nature of the business restructuring.

N

Nutricia Norway AS

nutricia.no

62

Nutricia Norway AS operates a professional website focused on delivering advanced nutritional solutions for adults and children, supporting health through various life stages. The company positions itself as a pioneer in nutrition since 1896 and is a subsidiary of Danone AS. The website targets patients, healthcare professionals, and consumers interested in specialized nutrition products and services. The digital infrastructure is built on WordPress with modern technologies such as Google Tag Manager and OneTrust for cookie consent, reflecting a mature digital presence. Security posture is strong with HTTPS and privacy compliance, though there is room for improvement in publishing explicit security policies and incident response information. Overall, the website is trustworthy, well-branded, and compliant with relevant regulations.

D

Danone

danone.no

71

Danone.no is the Norwegian localized website for Danone, a large multinational food and beverage corporation. The site serves as a corporate and product information portal targeting Norwegian consumers. The website is built on WordPress and incorporates modern technologies such as Google Tag Manager for analytics, Google reCAPTCHA for bot protection, and OneTrust for cookie consent management. Performance monitoring is implemented via New Relic Browser scripts. However, the site lacks explicit privacy policy and terms of service pages, as well as visible contact information, which are important for compliance and user trust. Security practices include HTTPS enforcement and bot protection, but additional security headers and policies could enhance the security posture.

N

Nutricia

nutricia.it

67

Nutricia is a specialist company in medical nutrition based in Italy, focusing on providing nutrition products as an integral part of patient care. The website reflects a mature digital presence built on WordPress, utilizing modern SEO and cookie consent tools such as Rank Math and Cookiebot. The site is well-structured, mobile-optimized, and secure with HTTPS and standard security practices. However, it lacks explicit privacy policy and terms of service pages, which are critical for full GDPR compliance and legal clarity. Contact information is not directly visible in the provided HTML content, which may affect user trust and support accessibility. Overall, the website demonstrates a good security posture with no detected vulnerabilities or blocking mechanisms.

D

Danone

danone.lt

65

Danone.lt is the Lithuanian regional website of Danone, a global leader in the food and beverage industry specializing in dairy, plant-based products, water, and specialized nutrition. The site serves as a corporate and consumer information portal tailored to the Lithuanian market. The website is built on WordPress and incorporates modern web technologies including Google Tag Manager, Google reCAPTCHA, and OneTrust for cookie consent, reflecting a mature digital infrastructure. Performance and mobile optimization are adequate, though accessibility features could be enhanced. Security posture is solid with HTTPS enforced and use of anti-bot mechanisms, but lacks explicit security headers and published security policies. Privacy compliance is strong, with GDPR-aligned cookie consent and a comprehensive privacy policy. Overall, the site projects a professional and trustworthy image consistent with a large multinational enterprise.

N

Nutricia

nutricia.lv

65

Nutricia is a healthcare nutrition company operating in Latvia, providing nutrition products and consumer information primarily in Latvian and Russian. The website is built on WordPress and integrates modern web technologies including Google Fonts, Google Maps API, Google Tag Manager, Hotjar, and OneTrust for cookie consent. The site is well-structured with SEO optimizations and mobile responsiveness, targeting consumers and healthcare professionals in Latvia. Security measures include HTTPS enforcement and cookie consent, though explicit security headers and policies are not evident. The absence of direct contact information and privacy policy pages suggests areas for improvement in transparency and compliance. Overall, the website presents a professional and trustworthy digital presence consistent with its business domain.

D

Danone Magyarország

danone.hu

62

Danone Magyarország operates as a subsidiary of the global Danone Group, focusing on manufacturing and retailing nutrition and health-related food products in Hungary. The website reflects a mature digital presence with clear branding, comprehensive content about their products, corporate social responsibility, and scientific research initiatives. The company targets consumers interested in healthy nutrition, including specialized segments such as parents of children with cancer and healthcare professionals. Technically, the site is built on WordPress with the Divi theme, leveraging modern SEO and analytics tools, and demonstrates good mobile optimization and user experience. Security posture is strong with HTTPS, security headers, and no visible vulnerabilities, although formal security policies and incident response contacts are not published. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Overall, the website is professional, trustworthy, and aligned with the company's business objectives.

D

DANONE

danone.pl

10

Danone Poland operates as part of the global Danone group, focusing on dairy, plant-based products, water, and specialized nutrition. The website reflects a mature enterprise with a strong market position and a commitment to sustainability and health. The digital infrastructure uses modern web technologies including Bootstrap, jQuery, and Google Tag Manager, supported by New Relic for performance monitoring. Security posture is solid with HTTPS and no blocking mechanisms, though improvements in DNSSEC and security headers are recommended. Privacy compliance is basic with no explicit privacy or cookie policies detected in the provided content. Overall, the site is professional and trustworthy, targeting general consumers interested in nutrition and health.

V

Volvic

volvic.be

64

Volvic Belgium operates a professionally designed website targeting French-speaking consumers in Belgium, offering a range of natural mineral water and flavored water products with a strong emphasis on sustainability and environmental protection. The website is built on TYPO3 CMS and integrates modern JavaScript libraries and tracking tools, reflecting a mature digital infrastructure. Security posture is solid with HTTPS enforced and cookie consent mechanisms in place, although some security headers could be improved. The lack of WHOIS transparency is mitigated by the professional presentation and presence of privacy policies, trusted retail partners, and social media channels. Overall, the website demonstrates a credible and trustworthy business presence in the retail beverage sector.

A

Activia

activia.nl

46

Activia.nl is the official Dutch website for the Activia brand, a well-known consumer packaged goods company specializing in probiotic yogurt products. The site targets general consumers interested in health and wellness, providing product information, engaging content such as podcasts, and brand stories. The website is part of the Danone group, a global leader in dairy and nutrition products, which adds to its market credibility and positioning. Technically, the website is built using modern web technologies including React and Gatsby, ensuring fast performance and good mobile optimization. It integrates standard analytics and marketing tools such as Google Analytics, Google Tag Manager, and TrustCommander for cookie consent management. The site demonstrates good SEO practices and basic accessibility features, although there is room for improvement in accessibility. From a security perspective, the site uses HTTPS with excellent SSL configuration and implements cookie consent mechanisms aligned with GDPR requirements. However, it lacks explicit security policies and incident response information, which could be enhanced to improve transparency and trust. No critical vulnerabilities or exposed sensitive data were detected in the analyzed content. Overall, Activia.nl presents a professional, trustworthy, and user-friendly online presence consistent with a large retail brand. Strategic recommendations include publishing dedicated security and incident response policies, enhancing security headers, and maintaining regular audits of third-party scripts to sustain a strong security posture.